angr 9.2.214
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
Firmware Distribution As Attack Surface: A Security Study of ASIC Cryptocurrency Miners
ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic importance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution...
MAL-2026-3331 Malicious code in lazyhtml-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45abfd9582509b7e6ded4a7ce678a25aef82365186bba18330d6f76f1cf3c5ea The package lazyhtml-scripts was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3338 Malicious code in ms.analytics-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3329 Malicious code in api-typings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a549cfdf0cbbfa203632d6fe432f69fa60578b8d81b03b75c2bece912aa0c588 The package api-typings was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in seek-pass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5ea10e9459dff09eeff2b45d93b1ffa2458c8b38b7625850b5f2564e3d000f The package seek-pass was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @t-in-one/save_application_hid_to_storage (npm)
Wave 2 of a dependency confusion attack campaign (C2: oob.moika.tech) targeting internal npm scopes. The attacker (npm user t-in-one, email [email protected]) published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
MAL-2026-3335 Malicious code in @bank-widgets/whats-new (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83244f927bab36b8e6f6493e932fea1ed017f30aaf286c82a81990f509589934 The package @bank-widgets/whats-new was found to contain malicious code. Source: ossf-package-analysis...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fixed a potential NULL pointer dereference issue. The “offgpios” variable could potentially be NULL. A missing check was added in the “kb3930probe” function. This is similar to the issue fixed in commit b1ba8bcb2d...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: traceeventshist: A check was added to ensure that the return value of createhistfield is checked. The function createhistfield is called recursively at line 1954 of traceeventshist.c, and it may return a NULL value. Therefore, we...
Astra Linux – Vulnerability in libsndfile
In version 1.2.2 of libsndfile, there is a buffer overflow issue in the oggvorbis.c file, specifically in the vorbisanalysiswrote out-of-bounds read function...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It is possible for cpread and hdmiread to return -EIO. These values are further used as indexes to access arrays. The issue was fixed by checking t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: A problem with uninitialized size values was fixed in radeonvcecsparse. In the unlikely event that the command stream passed from user space via the ioctl call to radeonvcecsParse is maliciously crafted, and the first...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: A potential buffer overflow issue has been fixed in nisetmcspecialregisters. The last case label can write two buffers, mcregaddressj and mcdataj, where the offset of ‘j’ equals SMCNISLANDSMCREGISTERARRAYSIZE. Since...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: Fixed the TOCTOU race condition in raininterrupt. In the interrupt handler raininterrupt, the check for buffer fullness on rain-buflen is performed before acquiring rain-buflock. This creates a Time-of-Chec...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: s390/bpf: Fixed pointer arithmetic in bpfplt. Kui-Feng Lee reported a crash on the s390x architecture, triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: EFI: libstub – Only “free privRuntimeMap” is returned when it is allocated. “privRuntimeMap” is only allocated when “efinovamap” is not set. Otherwise, it remains an uninitialized value. In the error path, “privRuntimeMap” is fre...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the VP8 stateless decoder’s “smatch” warning. A “smatch” static checker warning was also fixed in vdecvp8reqif.c. This issue causes the kernel to crash when fb is set to NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If the skb allocation fails, the pointer to struct canframe becomes NULL. This issue is actually handled everywhere within ctucanerrinterrupt, except for the only place where it is not...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: A NULL pointer dereference was fixed in qlcnic83xxaddrings. In qlcnic83xxaddrings, the indirect function ahw-hwops-allocmbxargs is called to allocate memory for cmd.req.arg. A dereference of this variable...